How will Russia influence European elections?

Cyber security has become an issue inseparably associated with the recent election in the United States. The election campaign was marred by politically motivated hacks combined with strategic releases of the information acquired through them. While the debate in the US shifted to the possibility of retaliatory measures, European states are concerned whether the US scenario will repeat in their country.

Lessons learned from the US elections

Despite reports about planned US cyber attacks, that according to the NBC network were supposed to exploit backdoors in Russian systems to cripple Kremlin agenda, transportation and other infrastructure targets, the only remaining retaliatory measure for the hacks was the expulsion of 35 Russian diplomats, who were, according to the US, connected to intelligence services. The expulsion of that many members of diplomatic staff is a severe step but not a functional punishment. If they really were members of the Russian intelligence community, the United States considerably damaged their own capacities. While the US will have to spend a large amount of time and resources to uncover new members of the GRU and SVR, the replacements will operate without the supervision of the US security apparatus.

Moreover, the move is unlikely to deter Russiafrom other similar activities. This is evident from phishing attempts directed at American think tanks, which were documented immediately after the completion of the elections. According to experts, the attacks were launched by the Russian group APT29/Cozy Bear and were aimed at the aforementioned institutions to obtain fresh information about activities in Washington.

“Europe that can be described as a traditional sphere of activity of these participants, is considered particularly vulnerable.”

Russia’s strategic thinking and modus operandi on European soil

The implementation and circumstances of the cyber campaigns in the United States aimed at manipulating the elections is fully consistent with the principles of contemporary Russian strategic culture and goes in line with the concept of hybrid warfare introduced in 2013 by Russian Armed Force Chief of Staff Valery Gerasimov. This approach strongly emphasizes the impact of information operations and social disintegration on enemy territory by using a combination of conventional and unconventional measures. It does so in a manner that is not punishable by international law, which limits the possibilities of self-defence. The leading domain that allows realization of such activities is cyberspace.

The APT groups that promote Russian strategic interests are active worldwide, but Europe that can be described as a traditional sphere of activity of these participants, is considered particularly vulnerable. That is caused by closer economic tie to the Russian Federation, and in some countries by a large Russian minority. The practices detailed in the following paragraphs – including the seemingly one-off, limited and easily realizable activities – can be understood as a part of a complex strategy of hybrid warfare that utilizes their combined potential.

Firstly, European countries are facing cyber espionage conducted by the pro-Russian APT groups that target governments, security organizations, media and other institutions with valuable information in their systems. The threat of cyber espionage - that is a relatively common practice for many states – is highlighted by its role in the United States hacking scandal, where information gathering from espionage was the first and most essential step of the entire campaign.

Another form that is applied by the Russians in the European space is similar to hacktivism and carried out by DDoS and other open attacks on the media and state institutions. These cyber actions typically appear in relation to events of Russian interest. Examples include incidents during the presidential elections in Montenegro or DoS attacks that hit Lithuania during the summit of the Crimean Tatars last year. Moreover, the wave of cyber attacks that hit the leading Swedish media in March 2016 is associated with Russia as well. Also, it should be reminded that the rate of specifically targeted DDoS attacks saw a substantial increase during the crisis between Russia and Turkey in 2015, Russia and Estonia in 2007 and during military conflicts in Georgia and Ukraine. Sophisticated actions carried out with the likely intention of causing panic can be also categorized as coercive operations. These are represented by the false flag attack on the French TV5 Monde and the potential unrealized pre-election attack on the English media.

"In post-Brexit European Union, the countries facing the greatest threat are the most influential EU members – Germany and France."

Cyberspace is also the domain of disinformation campaigns that promote the Russian perspective on world affairs including the membership of European countries in the EU or NATO, the so-called immigration crisis and other phenomena with the special emphasis on issues that divide societies. This phenomenon is particularly witnessed in some Eastern European countries. EU member states are beginning to respond to these threats by adapting strategic documents and establishing special centres aimed at evaluating such campaigns and reducing their influence. The above mentioned cyber espionage and coercive operations in cyberspace are ideal means of supporting the implementation of these activities.

France and Germany

With regard to hybrid warfare, a likely aim of these operations is radicalization of domestic population (and/or Russian diasporas) together with efforts to undermine confidence in government institutions and the political system. In post-Brexit European Union, the countries facing the greatest threat are the most influential EU members – Germany and France. Both countries are also hold key political events, autumn parliamentary elections in Germany and spring presidential election in France. Paris and Berlin have also been for a long time targeted by (presumably) Russian hackers and face heavy cyber pressure, even by European standards.

Germany has faced Russian aggression repeatedly in recent years. In 2015, there was a months-long penetration into computer systems of the Federal Parliament conducted by the APT28 group. The same collective was also involved in phishing operations against local political representatives, which included repeated attacks against the ruling Christian Democratic Union. German intelligence agency BfV linked the mentioned incidents with possible cyber attacks on critical infrastructure, against which it repeatedly warned.

In the case of the second country, Russia is being mentioned mostly in the connection with the false flag operation against TV5 Monde, during which, according to available information, the same APT group presented itself as hackers of the Islamic State. In the context of the hybrid war concept, the chosen form of an attack attests to the focus of its creators on utilising the fear of Islamic radicalism amid terror attacks and the so-called migration crisis. The false association with Islamist hackers is not an isolated case, because the same method was usein the cyber attack against the Warsaw Stock Exchange.

"Russia will likely use a combination of disinformation campaigns (already happening), DDoS attacks and other "low-profile" activities…[that are] easier to distance from."

Attacks during upcoming elections

Due to the easy access to information of political representatives and the lack of an effective response to such activities from superpowers like the United States, we can assume that similar operations will happen during upcoming elections in Europe. Open criticism of Russia’s information war from European governments and the current modus operandi in the European space suggest that Russia will likely use a combination of disinformation campaigns (already happening), DDoS attacks and other "low-profile" activities. Unlike operations that involve a long-term and easily documented collection of emissions data by APTs, such smaller attacks are easier to distance from via intermediaries, while presenting a credible denial of involvement in the matter.

Larger campaigns similar to those during the United States elections are not excluded - especially in the context of attacks on country with strategic importance to Russia. However, the disadvantage of this scenario is the fact that the recent attacks in the US were on the brink of tolerance. If they are repeated against worried European countries, the current vague status quo of cyberspace will be threatened. The situation then could turn against the Russian Federation.